When maxTimeSinceAuthn is used, valid time interval is miscalculated when IdP time is a few seconds ahead of SP time
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
If IdP time is ahead of SP time, valid time interval is miscalculated when using maxTimeSinceAuthn. Skew needs to be taken into account to prevent the calculation ending up negative.
If IdP time is ahead of SP time, valid time interval is miscalculated when using maxTimeSinceAuthn.
Skew needs to be taken into account to prevent the calculation ending up negative.